Improper Access Control in Grandstream Networking Devices
CVE-2019-10657
6.5MEDIUM
What is CVE-2019-10657?
Certain Grandstream networking devices, specifically the GWN7000 and GWN7610 models, are susceptible to a vulnerability that enables remote authenticated users to exploit configuration requests and discover sensitive passwords. This security flaw occurs prior to specific firmware updates, exposing devices to unauthorized access by leveraging the /ubus/uci.apply configuration endpoint.